11 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension(). Vulnerabilidad de desbordamiento de enteros en Mbed TLS 2.x anterior a 2.28.7 y 3.x anterior a 3.5.2 permite a los atacantes provocar una denegación de servicio (DoS) a través de mbedtls_x509_set_extension(). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2 https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2 • CWE-190: Integer Overflow or Wraparound •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario. Se descubrió un problema en Mbed TLS 2.x anterior a 2.28.7 y 3.x anterior a 3.5.2. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2 https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1 • CWE-203: Observable Discrepancy •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum. Se descubrió un problema en Mbed TLS hasta la versión 3.5.1. En mbedtls_ssl_session_reset, la versión TLS máxima negociable no se maneja correctamente. • https://github.com/Mbed-TLS/mbedtls/issues/8654 • CWE-384: Session Fixation •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow. Mbed TLS 2.x anterior a 2.28.5 y 3.x anterior a 3.5.0 tiene un desbordamiento de búfer. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDSHAANRULB57GVS5B3DZHXL5KCC7OWQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGRB5MO2KUJKYPMGXMIZH2WRH6QR5UZS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7SB7L6A56QZALDTOZ6O4X7PTC4I647R https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-1 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. Se descubrió un problema en Mbed TLS anterior a 2.28.2 y 3.x anterior a 3.3.0. Existe un posible desbordamiento de búfer de almacenamiento dinámico y una sobrelectura de búfer de almacenamiento dinámico en DTLS si MBEDTLS_SSL_DTLS_CONNECTION_ID está habilitado y MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. • https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2 https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •